
I just implemented AspNetCore Identity into my AspNetCore 2.1 MVC Web app. I have not made any "custom" changes to the Identity code. I have local logins enabled with the AspNetUsers table in my DB. I have enabled Google and Twitter logins in my app. They both work perfectly: users are getting redirected to the respective social platform login pages and then getting sent back to the app page. This all works perfectly! The issue comes in when the Google or Twitter user logs out. The app directs the user to the Log out.cshtml page and executes the below method.

public async Task<IActionResult> OnPost(string returnUrl = null)
{
    await _signInManager.SignOutAsync();
    _logger.LogInformation("User logged out.");
    if (returnUrl != null)
    {
        return LocalRedirect(returnUrl);
    }
    else
    {
        return Page();
    }
}

After the logout is executed the user is redirected to the home page of my app. Then when that same user decides to log back into the app, they are taken to the login page. On the login page, when the user clicks the Google or Twitter button to log in, they are seamlessly logged into the app without getting prompted for a user Id/password anywhere. I ran this code in debug and it all works without any errors. I can even see the authentication cookie getting removed in the Chrome console.

Here is how I have Identity setup in my Startup.cs.

services.AddIdentity<ApplicationUser, IdentityRole>(options =>
{
    //lockout settings
    options.Lockout.AllowedForNewUsers = true;
    options.Lockout.MaxFailedAccessAttempts = 3;
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
    // Password settings
    options.Password.RequireDigit = true;
    options.Password.RequiredLength = 8;
    options.Password.RequiredUniqueChars = 2;
    options.Password.RequireLowercase = true;
    options.Password.RequireNonAlphanumeric = true;
    options.Password.RequireUppercase = true;
    // Signin settings
    options.SignIn.RequireConfirmedEmail = true;
    options.SignIn.RequireConfirmedPhoneNumber = false;
    // User settings
    options.User.RequireUniqueEmail = true;
})
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddUserManager<EXLNTUserManager>()
    .AddDefaultTokenProviders();

//Google authentication
services.AddAuthentication().AddGoogle(googleOptions =>
{
    googleOptions.ClientId = Configuration["GooglePlusApi:client_id"];
    googleOptions.ClientSecret = Configuration["GooglePlusApi:client_secret"];
});

//Twitter authentication
services.AddAuthentication().AddTwitter(twitterOptions =>
{
    twitterOptions.ConsumerKey = Configuration["TwitterApi:ConsumerKey"];
    twitterOptions.ConsumerSecret = Configuration["TwitterApi:ConsumerSecret"];
});

I have read the MS Docs multiple times and followed them step by step to implement these social logins. Not sure what I am missing here. I hope someone can help me out here!

  • See https://stackoverflow.com/a/37745649/310601. – Mark G Jul 23 '18 at 23:15
  • @CamiloTerevinto I guess that other question applies to my question but it does not really provide a solution that I can apply. – exlnt Jul 24 '18 at 17:18
  • Because there is no solution. There's nothing you can do to log out the user from the third-party service. The solution is understanding how OAuth works. – Camilo Terevinto Jul 24 '18 at 17:25
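Added illustration, not code from the asker or from the comments: `SignOutAsync()` only removes this app's own Identity cookies, so the browser's Google session survives and the next challenge is approved silently. The fragment below keeps the same `AddGoogle` registration from the question's Startup.cs and appends Google's OAuth 2.0 `prompt=select_account` parameter via the OAuth redirect event, so Google shows its account chooser on every challenge. Whether this is an acceptable mitigation for your app is an assumption; it does not sign the user out of Google.

```csharp
// Added example (not from the question). Same Google registration as in the
// asker's Startup.cs, extended so that signing out of the app is not followed
// by a silent re-login on the next Google challenge.
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class GoogleAuthRegistration
{
    // Hypothetical helper; call it from ConfigureServices instead of the
    // services.AddAuthentication().AddGoogle(...) block in the question.
    public static void AddGoogleWithAccountPrompt(
        IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication().AddGoogle(googleOptions =>
        {
            // Same configuration keys as in the question.
            googleOptions.ClientId = configuration["GooglePlusApi:client_id"];
            googleOptions.ClientSecret = configuration["GooglePlusApi:client_secret"];

            // Google's "prompt" parameter controls whether the user is prompted
            // even when a Google session already exists in the browser:
            //   select_account -> always show the account picker
            //   consent        -> always show the consent screen
            // The handler builds the authorization URL itself, so the parameter
            // is appended in the redirect event rather than via an option.
            googleOptions.Events = new OAuthEvents
            {
                OnRedirectToAuthorizationEndpoint = context =>
                {
                    var separator = context.RedirectUri.Contains("?") ? "&" : "?";
                    context.Response.Redirect(
                        context.RedirectUri + separator + "prompt=select_account");
                    return Task.CompletedTask;
                }
            };
        });
    }
}
```

The app's logout handler stays exactly as posted; what changes is only that the next login round-trip can no longer complete without the user seeing Google's account chooser.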
